CVE-2026-22665: CWE-178 Improper Handling of Case Sensitivity in prompts.chat
prompts. chat versions prior to commit 1464475 have an identity confusion vulnerability caused by inconsistent case sensitivity in username handling. This flaw allows attackers to register usernames that differ only in letter casing, bypassing uniqueness checks. Exploitation can lead to impersonation of legitimate users, unauthorized replacement of profile content on canonical URLs, and injection of attacker-controlled metadata and content. The vulnerability has a high severity score of 8. 6 but no known exploits in the wild. No official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
CVE-2026-22665 is a CWE-178 vulnerability in prompts.chat where inconsistent case-sensitive and case-insensitive processing of usernames across write and read operations enables identity confusion. Attackers can create case-variant usernames that circumvent uniqueness enforcement, resulting in non-deterministic username resolution. This can be exploited to impersonate victim accounts, overwrite profile content on canonical URLs, and inject malicious metadata and content platform-wide. The vulnerability affects all versions prior to commit 1464475 and has a CVSS 4.0 score of 8.6 (high severity). There is no vendor advisory or patch information available at this time.
Potential Impact
The vulnerability allows attackers to bypass username uniqueness checks by exploiting inconsistent case handling, leading to identity confusion. This can result in impersonation of legitimate users, unauthorized modification of profile content, and injection of attacker-controlled data across the platform. Such impacts compromise user trust and platform integrity. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users and administrators should monitor for updates from the vendor and consider implementing manual controls or restrictions on username case variants if feasible.
CVE-2026-22665: CWE-178 Improper Handling of Case Sensitivity in prompts.chat
Description
prompts. chat versions prior to commit 1464475 have an identity confusion vulnerability caused by inconsistent case sensitivity in username handling. This flaw allows attackers to register usernames that differ only in letter casing, bypassing uniqueness checks. Exploitation can lead to impersonation of legitimate users, unauthorized replacement of profile content on canonical URLs, and injection of attacker-controlled metadata and content. The vulnerability has a high severity score of 8. 6 but no known exploits in the wild. No official patch or remediation guidance is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-22665 is a CWE-178 vulnerability in prompts.chat where inconsistent case-sensitive and case-insensitive processing of usernames across write and read operations enables identity confusion. Attackers can create case-variant usernames that circumvent uniqueness enforcement, resulting in non-deterministic username resolution. This can be exploited to impersonate victim accounts, overwrite profile content on canonical URLs, and inject malicious metadata and content platform-wide. The vulnerability affects all versions prior to commit 1464475 and has a CVSS 4.0 score of 8.6 (high severity). There is no vendor advisory or patch information available at this time.
Potential Impact
The vulnerability allows attackers to bypass username uniqueness checks by exploiting inconsistent case handling, leading to identity confusion. This can result in impersonation of legitimate users, unauthorized modification of profile content, and injection of attacker-controlled data across the platform. Such impacts compromise user trust and platform integrity. There are no known exploits in the wild currently.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users and administrators should monitor for updates from the vendor and consider implementing manual controls or restrictions on username case variants if feasible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-01-08T19:04:26.364Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d026ec0a160ebd92593012
Added to database: 4/3/2026, 8:45:32 PM
Last enriched: 4/3/2026, 9:00:51 PM
Last updated: 4/3/2026, 11:16:50 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.